Threat Hunting > [T2]: Dashboards and Data Visualization in Kibana

In this lesson, we will explore the dashboards and data visualization features provided by Kibana. Kibana comes pre-loaded with various dashboards and visualizations for different integrations. Additionally, you can create custom dashboards based on your requirements.

 

Discovering System Integration Dashboards: To view the dashboards provided by the system integration, type "system" in the global search bar in Kibana and click on the first result. This will show you the list of available dashboards for the system integration.

 

Syslog Dashboard: By clicking on the Syslog dashboard, you will gain an overall insight into your Linux servers that have been onboarded with the system integration enabled. This dashboard provides valuable information about your server's syslog events.

 

New Users and Groups Dashboard: A practical use case for the system integration is monitoring newly created users and groups. To demonstrate this, switch to the root user and add a new account to your lab machine. Open your terminal and execute the following commands:

sudo su
useradd ahmed # you can change 'ahmed' to any username

Monitoring New Users: After creating the new user, head back to Kibana and check the Users and Groups dashboard. You should see the new user you just created being displayed on the dashboard.
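
The sketch below is an added example, not part of the original lesson or of Elastic's own code. It parses the kind of auth log lines that useradd writes and that the dashboard is built from. The log lines are constructed samples in the shadow-utils syslog format, and the function names and the UID 0 check are assumptions made for illustration.

```python
import re

# Constructed sample auth log lines (shadow-utils syslog format); not from the lab machine.
SAMPLE_AUTH_LOG = """\
Mar  4 10:15:01 lab-host sudo: analyst : TTY=pts/0 ; PWD=/home/analyst ; USER=root ; COMMAND=/usr/bin/su
Mar  4 10:15:09 lab-host useradd[2285]: new group: name=ahmed, GID=1001
Mar  4 10:15:09 lab-host useradd[2285]: new user: name=ahmed, UID=1001, GID=1001, home=/home/ahmed, shell=/bin/sh, from=/dev/pts/0
Mar  4 10:16:40 lab-host sshd[2301]: Accepted password for analyst from 10.0.0.5 port 50222 ssh2
Mar  4 10:20:12 lab-host useradd[2350]: new user: name=svc_backup, UID=0, GID=0, home=/root, shell=/bin/bash, from=/dev/pts/0
"""

# Matches only account-creation messages; every other auth line is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
    r"(?P<proc>useradd|groupadd)\[\d+\]: new (?P<kind>user|group): (?P<kv>.+)$"
)


def parse_account_events(log_text):
    """Return one dict per 'new user' / 'new group' line, with its key=value fields."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # The message body is a comma-separated list such as name=ahmed, UID=1001
        fields = dict(p.split("=", 1) for p in m["kv"].split(", ") if "=" in p)
        events.append(
            {"timestamp": m["ts"], "host": m["host"], "kind": m["kind"], **fields}
        )
    return events


def flag_uid_zero(events):
    """New users created with UID 0 hold root privileges and deserve review."""
    return [e for e in events if e["kind"] == "user" and e.get("UID") == "0"]


if __name__ == "__main__":
    for event in parse_account_events(SAMPLE_AUTH_LOG):
        print(event["timestamp"], event["host"], event["kind"], event["name"])
    for event in flag_uid_zero(parse_account_events(SAMPLE_AUTH_LOG)):
        print("REVIEW: UID 0 account created:", event["name"])
```
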

 

In summary, Kibana offers powerful data visualization capabilities that can help you monitor and analyze your systems more effectively. By leveraging the built-in dashboards or creating your own custom ones, you can gain valuable insights into your infrastructure and improve your overall security posture.
